Mailinglist Archive: opensuse-security (685 mails)

ppptp Denial-Of-Service Attack
  • From: Fuchs Josef <josef.fuchs@xxxxxxxxxx>
  • Date: Wed, 6 Feb 2002 15:25:00 +0100
  • Message-id: <255627506.1561268575.141@xxxxxxxxxxxxxxxxxxxxxxx>

Dear List!

I use SuSE 7.3 with the latest updates loaded.

I've discovered a problem with MS-VPN (ppp).
When some Win98 PCs connect to the VPN on the firewall, the firewall will
stop (DoS) immediately. It hangs completely, so that I can only switch the
power off. No reaction to the keyboard.

This problem is specific to 2 PCs which are owned by a related company.
When I try to connect to the VPN with a cleanly installed Win98, it's working
fine.

The problem occurs EVERY time one of the 2 PCs tries to connect,
and ONLY then.

I'm sending you part of the system messages.

Can one of you gurus out there tell me what's going on and how to
protect against that?

kind regards
Josef Fuchs


----snip----
Feb 6 08:55:41 fwley pptpd[16972]: MGR: Launching /usr/sbin/pptpctrl to
handle client
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: local address = 192.168.91.31
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: remote address = 192.168.91.131
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: pppd speed = 2000000
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: pppd options file =
/etc/ppp/options.ppp0
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: Client 212.152.181.235 control
connection started
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: Received PPTP Control Message
(type: 1)
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: Made a START CTRL CONN RPLY
packet
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: I wrote 156 bytes to the
client.
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: Sent packet to client
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: Received PPTP Control Message
(type: 7)
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: 0 min_bps, 0 max_bps, 32 window
size
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: Made a OUT CALL RPLY packet
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: Starting call (launching pppd,
opening GRE)
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: pty_fd = 5
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: tty_fd = 6
Feb 6 08:55:41 fwley pptpd[16972]: CTRL: I wrote 32 bytes to the client.
Feb 6 08:55:41 fwley pptpd[16973]: CTRL (PPPD Launcher): Connection
speed = 2000000
Feb 6 08:55:41 fwley pptpd[16973]: CTRL (PPPD Launcher): local address =
192.168.91.31
Feb 6 08:55:41 fwley pptpd[16973]: CTRL (PPPD Launcher): remote address
= 192.168.91.131
Feb 6 08:55:41 fwley pppd[16973]: pppd 2.4.1 started by root, uid 0
Feb 6 08:55:41 fwley pppd[16973]: speed 2000000 not supported
Feb 6 08:55:41 fwley pppd[16973]: using channel 9
Feb 6 08:55:42 fwley pppd[16973]: Using interface ppp0
Feb 6 08:55:42 fwley pppd[16973]: Connect: ppp0 <--> /dev/pts/2
Feb 6 08:55:42 fwley pppd[16973]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap 81> <magic 0xda747c09> <pcomp> <accomp>]
Feb 6 08:55:42 fwley pptpd[16972]: CTRL: Sent packet to client
Feb 6 08:55:42 fwley pptpd[16972]: Buffering out-of-order packet; got 1
after 4294967295
Feb 6 08:55:42 fwley pptpd[16972]: Packet reorder timeout waiting for 0
Feb 6 08:55:42 fwley pptpd[16972]: Buffering out-of-order packet; got 2
after 0
Feb 6 08:55:42 fwley pppd[16973]: rcvd [LCP ConfReq id=0x1 <magic
0x2eb01> <pcomp> <accomp>]
Feb 6 08:55:42 fwley pppd[16973]: sent [LCP ConfAck id=0x1 <magic
0x2eb01> <pcomp> <accomp>]
Feb 6 08:55:42 fwley pppd[16973]: rcvd [LCP ConfAck id=0x1 <asyncmap
0x0> <auth chap 81> <magic 0xda747c09> <pcomp> <accomp>]
Feb 6 08:55:42 fwley pppd[16973]: sent [LCP EchoReq id=0x0
magic=0xda747c09]
Feb 6 08:55:42 fwley pppd[16973]: cbcp_lowerup
Feb 6 08:55:42 fwley pppd[16973]: want: 2
Feb 6 08:55:42 fwley pppd[16973]: sent [CHAP Challenge id=0x1
<ac12531d063b3df1b0103aea2b3ef0ee>, name = "fwley"]
Feb 6 08:55:42 fwley pppd[16973]: rcvd [LCP EchoRep id=0x0
magic=0x2eb01]
Feb 6 08:55:42 fwley pppd[16973]: rcvd [CHAP Response id=0x1
<df698fa54f8050adeda7e868c5a4b71200000000000000003614c5b8cd2f8914050eada09
fb5540133cb5fcae186112e04>, name = "Zeitung\\gaby_leykam_vpn"]
Feb 6 08:55:42 fwley pppd[16973]: No CHAP secret found for
authenticating Zeitung\\gaby_leykam_vpn
Feb 6 08:55:42 fwley pppd[16973]: sent [CHAP Failure id=0x1 "I don't
like you. Go 'way."]
Feb 6 08:55:42 fwley pppd[16973]: MSCHAP-v2 peer authentication failed
for remote host Zeitung\\gaby_leykam_vpn
Feb 6 08:55:42 fwley pppd[16973]: cbcp_lowerdown
Feb 6 08:55:42 fwley pppd[16973]: sent [LCP TermReq id=0x2
"Authentication failed"]
Feb 6 08:55:42 fwley pppd[16973]: rcvd [LCP TermAck id=0x2]
Feb 6 08:55:42 fwley pppd[16973]: Connection terminated.
Feb 6 08:55:42 fwley pptpd[16972]: CTRL: Received PPTP Control Message
(type: 12)
Feb 6 08:55:42 fwley pptpd[16972]: CTRL: Made a CALL DISCONNECT RPLY
packet
Feb 6 08:55:42 fwley pptpd[16972]: CTRL: Received CALL CLR request
(closing call)
Feb 6 08:55:42 fwley pptpd[16972]: CTRL: I wrote 148 bytes to the
client.
Feb 6 08:55:42 fwley pptpd[16972]: CTRL: Sent packet to client
Feb 6 08:55:42 fwley pppd[16973]: tcflush failed: Input/output error
Feb 6 08:55:42 fwley pppd[16973]: Exit.
Feb 6 08:55:47 fwley pptpd[16972]: GRE: read error: Bad file descriptor
Feb 6 08:55:47 fwley pptpd[16972]: CTRL: PTY read or GRE write failed
(pty,gre)=(-1,-1)
Feb 6 08:55:47 fwley pptpd[16972]: CTRL: Client 212.152.181.235 control
connection finished
Feb 6 08:55:47 fwley pptpd[16972]: CTRL: Exiting now
Feb 6 08:55:47 fwley pptpd[10362]: MGR: Reaped child 16972
Feb 6 08:56:05 fwley squid[1843]: Squid Parent: child process 1844
exited due to signal 11
Feb 6 08:56:05 fwley kernel: Unable to handle kernel paging request at
virtual address 240296ed
Feb 6 08:56:05 fwley kernel: printing eip:
Feb 6 08:56:05 fwley kernel: c012cc0a
Feb 6 08:56:05 fwley kernel: *pde = 00000000
Feb 6 08:56:05 fwley kernel: Oops: 0000
Feb 6 08:56:05 fwley kernel: CPU: 0
Feb 6 08:56:05 fwley kernel: EIP: 0010:[__free_pages+2/32]
Feb 6 08:56:05 fwley kernel: EFLAGS: 00010246
Feb 6 08:56:05 fwley kernel: eax: 240296d5 ebx: 00000000 ecx:
240296d5 edx: 00000000
Feb 6 08:56:05 fwley kernel: esi: d36870a0 edi: d36870fc ebp:
c411e698 esp: d2843e88
Feb 6 08:56:05 fwley kernel: ds: 0018 es: 0018 ss: 0018
Feb 6 08:56:05 fwley kernel: Process squid (pid: 1844,
stackpage=d2843000)
Feb 6 08:56:05 fwley kernel: Stack: c01f029d d36870a0 00000081 c01f02db
d36870a0 d36870a0 c01f0441 d36870a0
Feb 6 08:56:05 fwley kernel: d36870a0 00000000 c020ab53 d36870a0
c029f520 00015554 d2843f80 d2843f80
snip---------

